Slashdot videos: Now with more Slashdot!

View

Discuss

Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

Kagetsuki writes "We've just gotten a letter from an attorney representing the Business Software Alliance stating someone (we're certain it's a disgruntled former employee) submitted information we are using illegally copied software. The thing is... we're not using illegally copied software. We have licenses for all the commercial software we are using. Still, according to articles on the BSA, that's irrelevant and they'll end up suing us anyway. So we now need a lawyer to deal with their claims and we don't have the money — this will surely be the end of the company into which I've sunk all my savings and three years of my life. Has anybody dealt with the Business Software Alliance before? What action should I take? Is there any sort of financial recourse, or at least a way cover our legal fees?"

Don't agree to any BSA demands or requests.
Find a lawyer experienced with dealing with the BSA.

If you agree to an audit, it's highly probable they will find something illegal, regardless of whether you did anything illegal or not.
You need a proof of purchase for every copy of an installed software product.
If you use a Windows environment, you need proof that you had sufficient CALs for everything, on effective audit date.

If anything's not in order, or you can't find one proof of purchase for 1 license of XXX, the BSA will insist the software is pirated (even if you bought it good and legal), tack on huge fines, etc

"We've just gotten a letter from an attorney representing the Business Software Alliance stating someone (we're certain it's a disgruntled former employee)"

Be prepared to sue that former employee, for all damages and costs your business incurred as a result of their allegation, If they made a frivolous/false claim that hurt your business, and you can show who it is, take them to court.
Maybe they (and others) will think twice, before making false reports to the BSA racket people.

The BSA needs their evidence to sue you, make sure you force the BSA to divulge the identity of the person reporting.
Again, you will need legal counsel to help you with this

Be prepared to sue that former employee, for all damages and costs your business incurred as a result of their allegation, If they made a frivolous/false claim that hurt your business, and you can show who it is...

If you can show that the claim is false, you should be able to subpoena the employee identity from the BSA>

"I assume the BSA would have the information available, such as a sworn or at least signed statement from someone, to prove they actually had a reasonable basis for a lawsuit, in their own defense against claims of some sort of abuse of process, but maybe they don't keep the information."If they use the statement to justify a lawsuit they cannot then destroy it, that would be destroying evidence and would serve no purpose to the BSA. In fact, if the company they're suing returns fire then the BSA will want

Binding arbitration with non disclosure clauses, it's built into the software they did buy and agree to. They also agreed to the audit.

Unless you signed a contract to that effect, the burden of proof is on the BSA to prove that you in fact are using the software. Unless you have installed and used the software, you have not agreed to the license. Therefore, unless you are using the software, the BSA has no right to audit you. Now, unless the apps you run have a "phone home" feature or use some other online key verification, there are only three ways for the BSA to prove that you are using the software: you can admit to using the software, you can let them come into your place of business and they can observe it, or they can file a lawsuit against you and force you to disclose it during discovery.

If you neither confirm nor deny that you are using any particular piece of software and refuse to let them in, their only option for obtaining proof that they have the right to perform the audit in the first place is to go to court, file a suit, and perform discovery. Thus, unless their evidence is fairly strong, they'll probably back down if the first thing that happens involves your lawyer telling their lawyer to fuck off.

If they do not back down, that's a sure sign that you have some serious compliance problems, and you need to get somebody in there to audit all of your systems ASAP. The folks at BSADefense.com [bsadefense.com] recommend that you have an attorney conduct the audit. This places the results of the audit under attorney-client privilege, meaning that they cannot be obtained by the BSA during discovery. That seems like good advice to me.

This is both a question and a point but don't US courts require at least basic evidence before a suit can be brought?

Not generally, no. They require that the "pleading" or "complaint" state a claim on which relief can be granted, but they do not require evidence before you bring the suit. Evidence is produced through a process called "discovery" after the courts are formally involved (although they don't really do anything during discovery, and asking them to because you're in a fight about whether something is discoverable usually gets them mad at you. They don't like to get down in the mud, as it were). If there is no evidence after discovery, the matter will be dismissed, but if there is conflicting evidence, it will go to trial (usually).

At least, that is true in theory. In reality, the VAST majority of cases are settled.

They do require a little more than they used to--pleading standards were raised within the last few years--but they are not terribly high. The higher they are, the harder it is to sue someone who really deserves it but tries to hide evidence; the lower they are, the worse one can be harassed and the more someone can use lawsuits to reveal private company information.

Still, if you have absolutely no evidence--not even the testimony of someone who knows something happened--it would be highly inadvisable and possibly criminal to file a lawsuit. YMMV, IANAL, and consult an attorney if this is any way relevant to you, rather than purely academic.

We sent an affidavit stating that we had appropriately licensed software, detailed the number of employees, provided ****'d out license numbers, etc.

They then said they wanted to put a laptop on our network to verify all our license numbers. We told them to f@ck off, that we'd provided them more than enough information, and that we'd be happy to speak to the police if they thought a crime had been committed.

We had a lawyer and had him draft a letter requesting information on what they claimed was illegal. Then we offered to show them the results of an internal audit. We also offered to submit to a third party audit that BSA would have to pay for. After lots of meetings and lots of legal wrangling the BSA went away empty handed. One small difference was we were running non-licensed software and were in violation. It was a web design house with 8 graphic designers and not one legal copy of Photoshop, Illustrator, etc. Since the BSA provided us with the list they claimed was illegal, we scrubbed it from the offending boxes so as to appear legal. Then over the span of the next 2-years we bought all of the licenses needed to cover our butts. This cost over $120,000 in software licenses. Far cheaper than what the BSA wanted. But the lawyer was key. Check with the Bar in your area for a probono lawyer. Perhaps you can find someone willing to work on a sliding scale. Also check with the Small Business Administration for ideas for legal help. Good luck.

I worked for an engineering company who said they couldnt justify the 25 licenses of autocad civil3d they were pirating (but also said they needed them to maintain the workflow they had) and said that they didnt care about my liability in the matter being the only IT person in the company.
I turned them in.
The BSA offers a reward, and at first they tell you that if they have to use your testimony they cant give you anything (it would be like paying for testimony) but they tell you that its rare that you ever have to actually use your testimony as the companies generally settle.
If it gives you any comfort, the person that turned you in will not get any reward. the BSA find ways to make it so they dont have to pay out the reward for ratting you out.
Now as far as your legally obtained software.
Scan your PCs for software installed and make sure you have Purchase Records of all software installed that requires a license. this is what any lawyer you hire is going to want. the purchase records are there to prove you had the licenses prior to them coming to you stating that you didnt.
the legal group the engineering company I worked for used was Scott and Scott, iirc they are a bit pricey but they will minimize any fines or fees that could hit you from them. I say do your own due diligence first, then see where you stand. just because you didnt authorize the install of software doesnt mean you have not had an employee installing any and everything they could get a serial generator for, which on your machines, means you are responsible for it.
Oh also dont go formatting and reinstalling the OS on all of your machines. this looks bad if it goes to court like you were trying to hide something according to the lawyers at scott and scott.
I regret doing this to the engineering company myself, but in the end, they are better off for it. Autodesk gave them a huge break on network licenses for their CAD software, and they are now operating 100% legit on the software side for less in fines than it would have cost to buy the stuff out right.

You did the right thing under the circumstances, legally, morally, and ethically. No one can make a case of substance otherwise. Fat cat corporate guttersnipes do this kind of thing all the time. They calculate that the penalty is not likely to be a criminal one; they will probably not be found guilty of fraud and sent where they belong; they are only accountable to the business owners or shareholders; so they brazenly continue to defy, at an absolute minimum, business ethics and morals in a calculating

Instead of doing the right thing--giving them your advice, and when they refused to follow it, politely saying you could no longer work for them--you administrated the illegal software, took their money for doing do, then turned right around to the BSA and took their money (offer) for ratting out your co-conspirators. You probably put an engineering company employing over 30 people out of business and got paid for doing so.

The company was advised they needed licenses, they were advised that not having the licenses would make the employee liable, and they said they didn't care. Frankly, at that point any moral obligations that an employee should have towards his employer have just disappeared in a puff of smoke.

At that point the employee has no moral reason to quit immediately, without having another job lined up, but is free to do what is best for him or her. That is make sure to avoid any liability, possibly by ratting, appear to be doing the job, take the salary, and look for another job. He can be sure that his boss is doing the same thing.

He didn't just turn the company in one day for shits and giggles, he was told by management that he was liable if anyone ever found out that they were using pirated software. The company put him in a position to be thrown under the bus should anything happen in the future, and this was long before he did anything to hurt the company.

The proper solution in this case (both legally and ethically) was to inform the BSA (or at least someone) that this was going on. It would have been illegal and unethical of him to continue to use the software it would be equally wrong of him to simply leave the company knowing full well what was happening. Furthermore, if he didn't report them and simply left the company he could still be liable in the future if the company claimed that he caused these problems before he left.

They're something to be said for being loyal to your employer, but this loyalty ends when your employer isn't loyal to you. This loyalty ends even faster when your employer tells you straight out that they aren't loyal to you, as they did in this case.

if someone at NASA and Thiokol had 'snitched' on their management to the media, then the Challenger would never have gone up in cold weather, the o-rings wouldn't have failed, the gas wouldn't have erupted into the main tank, the tank wouldn't have ruptured, and 7 people would be alive.

but hey. i guess 'not snitching' is more important than the lives of seven people.

When you turned around an bit your employer you lost credibility, because they hired you to give them your professional expertise.

Please re-read OP's original post. The part that caught my attention:

and said that they didnt care about my liability in the matter being the only IT person in the company.

Maybe the reward the BSA offered tempted him to tell them rather than the police or some other organisation. But the facts remain that (a) they were doing something illegal, (b) they planned to let him shou

You should be ashamed of yourself. If everyone knew the "truth" about you as you wanted the BSA to know the "truth" about your employer you would never have another job.

What I am ashamed of was thinking of profiting off of it.
Were I in the same position again I would have done the anonymous turn in and not attempted or dreamed of the reward.
Also I am open about why I left that engineering company in interviews. it doesnt hurt me in the least, and also by the reactions of the interviewing managers I get an idea if I will fit in with them.

Find some dirt on the BSA and chase them with it. You already have a false accusation letter which will cost you money to deal with maybe you could hound them for those costs until you find something bigger to take them on with. And remember, discovery is your friend, use it on anything and everything, it'll make them squirm.

Ok, you must have a profitable company if the BSA is actually coming at you.
I know because a former employer of mine was using tons of unlicensed software despite the advice of both myself and the company controller warning him that it wasn't right.
So I dropped the dime to the BSA. Know what they told me? The company wasn't healthy enough financially to bother going after. So start hiding assets.

We've just gotten a letter from an attorney representing the Business Software Alliance stating someone (we're certain it's a disgruntled former employee) submitted information we are using illegally copied software.

Reply to the letter like this:

We are in receipt of your correspondence reference ____ dated _____. Could you please advise details of the claim. What software is claimed to be in breach?

Send the reply by registered mail and then do nothing more until you receive a reply.

Laughs are great, but it looks like the freetards get the last one, doesn't it?

That 20-page license agreement for your superior closed-source $oftware pretty much sets you up for this kind of invasive nonsense, and you have very little recourse. Be sure to factor that in when you're doing your comparative "cost of use" estimations. If you actually did anything like that, of course...

I'm really glad the software shop I'm working with is on Linux. No Windows crap in sight. We could get one of those BSA letters and all have a good laugh.

I feel sorry for anyone that has to deal with the BSA. My condolences, but you should have chosen software without licensing issues. The idea of keeping track of the sales receipts as well as the licenses themselves is ridiculous. What would they do if you paid cash for the licenses? The source of the license does not matter as long as the license itself is not a forgery.

I feel sorry for anyone that has to deal with the BSA. My condolences, but you should have chosen software without licensing issues.

A noble public service, but it's like telling hard-core smokers that cigarettes are bad for them. They bought the high-priced license-encumbered crapware-packed proprietary stuff because the salesman told them it was the best and they have no choice. They're locked in now, and will continue to use it even if it drops runny poops on their shoes every time it runs.

There aren't any salesmen out there selling FOSS, and no slick ads for it on the teevee, so they'll never even know they had alternatives.

They bought the high-priced license-encumbered crapware-packed proprietary stuff because the salesman told them it was the best and they have no choice

No, they didn't, they bought the software they needed to run their business. They knew that, despite what the nut-case religious zealots told them, that there were no FOSS alternatives. There are no FOSS alternatives to the vast majority of software titles used by business to actually conduct their business. Of course, they could do as you suggest, stick with non-existing or non-functional software on their oh-so-wonderful Linux desktops, and then masturbated until they went bankrupt, but you see, most people are not like you, they prefer to actually complete the tasks their business was created to do.

they'll never even know they had alternatives

Again, they knew they didn't have any. They needed to accomplish more than you can with Eclipse and some software to display pictures of nude women for their mastubatory needs. Maybe they needed Photoshop for print work if they were an ad agency or Illustrator for doing design work, if they were a photography company they probably needed Lightroom for touch-ups and management, if they create videos they would have needed something like Premiere Pro, Vegas Pro or Final Cut Pro (pre the latest version which bizarrely can not do professional video work, don't know what Apple was thinking) and (no or here) Adobe After Effects. If the company was a travel agency they had to use proprietary software for this industry, not available on Linux.

Thinking that there actually are FOSS alternatives to most commercial software out there just shows that you have never actually been "out there". There isn't.

There aren't any salesmen out there selling FOSS, and no slick ads for it on the teevee, so they'll never even know they had alternatives.

Here we go again.

For most practical purposes, they do not have alternatives. Need to do payroll? No such thing on Linux. Need to do accounts? Very little choice, and if your local tax authorities demand you submit online (either through a web browser or using software that's been through some sort of certification process) even less choice. Need to do CAD? Give up now. Need to do anything industry-specific? For most industries, not a chance.

Paying a consultant to write something that will suit can easily cost several times more than buying something off-the-shelf and takes months, that's why most companies rely on off-the-shelf software. You can go from nothing to productive work in a matter of hours.

There is a damn good reason a BSA audit hasn't led to a company publicly dropping proprietary software since 2003; it's got nothing to do with slick salesmen and everything to do with practicality.

Sigh. This is a ridiculously naive posting and giving it a score of "insightful" is just plain dumb.

you should have chosen software without licensing issues

How was he supposed to do that? Is there software out there of this kind for all the types of software a business needs? How would you, for example, find software with similar features to Photoshop? Gimp? Don't make me laugh. How about Illustrator or Premiere Pro? Anything that is not license encumbered?

People acquire software to complete tasks. Software like Vegas Video, After Effects, Illustrator, Lightroom is essential to some business (that was just software for a business I know some things about) for which there are no real alternatives without licensing issues. Saying that people should have chosen other software is like saying they should find another field of work. There simply isn't any kind of software available for Linux, for example, that can do what this type of commercial software can do. Neither is anybody working on projects that will make the software available any time in the future.

The idea of keeping track of the sales receipts as well as the licenses themselves is ridiculous

You can't be serious. Not keeping track of what you legally purchase, as a business, is ridiculous. You have clearly never run a business of any kind. Of course you keep all the receipts, it's the law!, besides, not keeping them will cost you money since your accountant will not be able to deduct those expenses from your operating costs.

Do not say anything. Tell them to fuck off and don't address in particular or in general anything they alleged.

The *only* time you open your mouth to an agency (public or private) that is investigating you, whether it's the IRS, police, feds, or the BSA, is through a lawyer. That would typically take the form of a *response* to a demand letter.

A consultation and getting a response letter written by a good lawyer may run you circa $1-2k, but if the alternative is getting sued by the BSA or shutting down your company, it may be worth it.

Still, according to articles on the BSA, that's irrelevant and they'll end up suing us anyway.

First off, do not despair. That's not going to do you any good.

Don't be afraid to tell the lawyer that you don't have any money during your free initial 30 minutes consultation (assuming you're in the US, call your local State bar association for a referral). I'm sure that you'll be able to work something out with him or her.

For now, read the article quoted below. The point of that article is that you can do a lot of this work yourself, but that you should still hire a lawyer to at least "supervise" the self-audit process and act as a go-between.

Now the article doesn't mention it, but if I were you I'd check that any old computer laying around the closet has current valid licenses. Whatever happens, make sure you do not get penalized for super old hardware that you're not even using anymore. Also, start inspecting any computer the disgruntled employee has had access to. You never know what he may have installed on there without your knowledge. It's good to go in this with your eyes wide-open.

And then, try contacting the same types of companies in the same niche industry as yours, chances are that they're not just targeting you -- since they recently increased their volume of enforcement letters. So if you can find others within the same jurisdiction as yours, with a similar predicament, you may be able to band together and pool resources.

Let's face it, software asset management (SAM) might be a best practice, but there are still plenty of organizations out there who haven't instituted SAM due to a lack of resources or initiative. If your organization is one of them and the Business Software Alliance (BSA) hasn't come calling yet, there's still time to get your house in order. But once that BSA threat letter hits the mailbox, the ballgame changes.The BSA is known to be a persistent enforcement agency which rarely grants clemency to organizations once it begins settlement proceedings. The following eight tips are offered by two attorneys who specialize in BSA defense cases; they give advice on what to do once your business receives a letter requesting a BSA audit.

1. Retain a lawyer.The BSA is an efficient organization when it comes to extracting punitive damages from companies found to be in a non-compliant licensing situation—its experts and lawyers know copyright laws inside and out because that is all that they do. For that reason, Scott recommends seeking legal counsel as soon as an audit request is received from the BSA.

"Whether the attorney is working in-house or outside the firm, don't go it alone," you have an audit," said Rob Scott, partner at Houston-based Scott and Scott. Scott said. "The BSA has very experienced attorneys working for it and this is a very complicated process. It involves not only the legal issues related to copyright law, but also it subsumes with it all of the software licensing rules because the copyright claim that lies underneath the BSA audit matter is related to the software licensing rules."

2. Cooperate—carefully.As much as a business person would love to screw up their eyes and wish the BSA away, the trouble will only multiply through inaction. Though the BSA is not a law enforcement agency it is acting on the behalf of the software companies and it will take matters to civil court if a business does not cooperate with the self-audit process and settlement negotiations.

"When you get a letter from the BSA do not throw it away," said Steve Helland, partner at the Minneapolis-based law firm of Fredrikson and Byron. "That is a serious tip, because some people think that 'Oh if I ignore this it will just go away, but the cases where the BSA is most likely to file in court are where they think there has been infringement and they don't get any response

Tell them to go to hell and prove it in front of a judge and get a warrant. Don't let them in just beacuse they want to. Take your documentation for licenses and installs to court and show it to the judge. "we did an audit, this is what we use and we are licensed for these copies"

Also assume this "disgruntled ex-employee" planted something somewhere, so do another audit NOW.

First order of business, pull up information on the lawyer that initiated contact with you to determine how much experience they have at the firm. If you're a small company they may have someone with limited experience, say three years, and if so, argue as much as possible and you may distract them from one of my other points.

Secondly, forget anything you believe to be true about software licensing and forget about license agreements included with software. What Microsoft, Autodesk, Adobe, etc. licensing department tell you on the phone and what they state in their licensing terms is not true and will not hold up legally unless you have more money than the fines to afford lawyers to fight the big guns. It's not a legitimate license unless you have a receipt. This is important, I repeat, you do not have a legitimate license unless you have a receipt for it. It doesn't matter if it's past 7 years, you have product keys on the side of your chassis, or you have discs; you must have it on the receipt.

Thirdly, do not provide information unless you're specifically asked for it. Read what they've requested, interpret it as literally as possible and if that allows you to include some information and not include other information. This point may not seem relevant to you and I'm not going to get into detail, but I want you to consider this point for at least an hour as the outcome may have a huge monetary difference.

Fourth, you can't buy stuff now and attempt to pass it off as something you'd purchased before they served you. Don't even consider back-buying software you didn't own before. Date of receipt ties into point number two.

Fifth, consider how they obtained this information and how much the person who provided it really knows. I won't give you advice on what to do with the software this person may not be aware of but I'd ensure your file servers are Linux and if you've ever made a transition from Windows to Linux, hopefully it was a transparent process to the users.

I won't get into details over our case as it cost us a tremendous amount of money, five figures, and at the same time, they may have missed a lot of stuff (the site is certainly fully legal now). If you have any other questions, feel free to fire them off and I'll try to answer as well as possible. The best advice I can give you is to consider this a logic problem.

In order to pass the BSA's version of an audit, you don't just need receipts. You need receipts that:

1. Show retail purchases. In spite of the fact that it is perfectly legal to sell and purchase used software, the BSA pretends it's not. If you have a not-retail receipt, it's worthless.2. Show a date prior to the first contact from the BSA. If you have an un-dated receipt, it is worthless.3. Show the title of each piece of software purchased, on its own line item (quantities of identical titles are fine), with a line item price. You likely can't provide this for the copy of Windows that came with your PC.4. Show the name of the company being audited. Did one of your employee's buy it and get reimbursed? Worthless. Do you have company cards that show employee names? Worthless. Did the retailer not print the billing information on the receipt? Worthless. Was is purchased by a company you bought or merged with? Worthless

If you're incensed enough by now to invite the auditor's in, knock them on the head and bury them in the hill, good for you. But you'll likely want to pursue a more subtle response. An attorney is absolutely necessary, if for no other reason than that the lack of one will make you look like easy pickings. Winning this game is about paperwork, stalling, bluffing and bargaining. Once you retain an attorney, their advice will probably be to not respond outwardly until forced to. The BSA doesn't necessarily follow up on every nastygram they send. Responding when you don't have to is acting like a mark.

If the process does progress, remember at all times that what you are involved in, more than anything else, is a long, drawn-out negotiation. The BSA is out to scare people and fund itself. You want them to believe that you are worth very little and come with a big price tag attached. Everything is negotiable, every decision is mercenary.

If they won't accept the purchase order/invoice for you PC showing included software, ask to have the suit amended to include your computer vendor (HP, Dell, Lenovo, etc.) as a co-defendent for selling unlicensed software to you. If you can't get the suit amended, file a separate suit against your computer vendor. The point is to get the computer vendors, who are the biggest sellers of software involved fighting the BSA with you. As the biggest sellers of software, they have a lot of influence with the software vendors, and they have teams of lawyers who won't appreciate being named in a suit because the BSA won't accept their invoice as proof of purchase.

A consultation will not cost as much as you expect. Gather up all your licenses, receipts, and certificates and have him send copies to the BSA along with what is euphemisitically called a "robust" response. You'll probably want to threaten to claim vexatious litigation and assert that you will ask that legal expenses be awarded. Don't let them do an "audit".

And in the future, perhaps you might want to consider not doing business with BSA members. There are alternatives. Just a thought...

I don't happen to find any other post that mentions the elementary fact that unless you signed an agreement somewhere that gives the BSA the right to make an audit, you can just tell them to STFU and GTFO. If you bought everything at retail, for example, Best Buy, Provantage, PC Connection, etc, no such agreement would apply. It's when you buy site licenses or have to sign an agreement to make the purchase that you get roped in.

If there's something in the shrink wrap somewhere, then it gets murky. That's where they can claim that you "agreed" to something you never did, just by opening the package.

So step one is to ask them for their explicit basis of authority in your case.

If there's something in the shrink wrap somewhere, then it gets murky. That's where they can claim that you "agreed" to something you never did, just by opening the package.

I love those sorts of licenses. Be sure to invite them in to discuss the matter. Right after posting a sign in your lobby that by entering the premises they consent to a strip search and body cavity search. With a splintered 2x4. Said sign should only be visible once they've actually entered the premises.

First off, I am not a lawyer.... but the best option is to ignore them and hope that they go away. The BSA sends out scary letters all the time, but what can they really do? Send another even scarier letter? Don't talk to them, hang up when they call, and file their letters in a folder.

Here is how it works on the BSA side. A disgruntled employee contacts the BSA and makes the claim that a entity is using pirated software. They typically talk to the whisteblower multiple times on the phone and ask lots and lots of questions over and over before sending out the scary letter. They always run the risk that the person could be lying, crazy, or disgruntled.

In phase II, they get more legal and more specific and depose the informant and create a sworn statement. They put the informants claims in legalese and make them swear that it is true and sign it. After this happens, you will get scary letter two or three. Often times, the informant isn't disgruntled enough to perjure themselves and risk a countersuit from you company for monetary damages. The BSA will not go further without this because they don't want to be liable in a counter suit for civil damages. They need to show that they are acting in good faith that software piracy is occurring, without a specific sworn statement it amounts to hearsay. They pay a cash reward for information and they make the information work hard for the money they are never going to collect.:)

If you open the door and say, "Come on in and audit us, we've got nothing to hide." you are building a case against yourself. Even if you are legal, you're not since whatever proof you think you have will not be enough to appease them. In my opinion, the only way they can come in is if you let them in or a judge orders the audit as part of a discovery in a lawsuit. Apparently the EULA you clicked "I agree" to on install allows for auditing anytime, but no one has ever tested this legal theory. Meanwhile, do your own audit and make sure you are clean. Make it as difficult as possible on them and hope they go away. Then quit being such a jerk to your employees so they quite calling the BSA or switch to Open Source.:)

Following this advice I downloaded some of the approved audit software and ran it. It's almost a joke how short the Windows list is, and every single piece of software on that list I can confirm I have a license for, including receipts. We're primarily Linux, the only thing that we run in Windows is Adobe software and we own actual licenses for that. On top of that we have almost no money to speak of, and at this point since we're just working on products and have had basically no income (we're indie, currently only one person is considered "employed" and even then that's "part time") I'm no longer so worried. I'm speaking to a lawyer soon, I'll have him handle it, but I think this will end quickly.

Actually I just spent it poorly and I have bad organizational and management skills. It wasn't until the money ran out that I realized most of my team was so into what we were doing they'd do it with me for free in exchange for a fair portion of the profits - which is a great deal for everyone.

And only one of the 6 of us uses any commercial software in the first place, and we purchased his software over a year ago. I even did the audit on my workstation and I realized how little I used Windows - the installed software list was 2 pages, easliy less than a page if you exclude the Windows Live components and various updates/drivers. Everything else I have an appropriate license for/is free. Linux on the other hand, my installed package list is 2637 lines long, which is about 32 pages printed. I'm considering sending that list just to fuck with them.

He actually stole his notebook and it was a bitch to get back. When it did come back he had poured cola on it. We pulled the drive, checked it for anything incriminating but he had wiped and redacted it. We had it cleaned up (Toshiba is awesome!) and since we didn't need it anymore we gave it away to a family member.

Keep in mind that while they like to act as if they are a government / law enforcement agency they are merely a private party that is hoping that people will be impressed enough with their act to hand over enough information to hand themselves.

Well, this is sort of true. Courts can award them injunctions that warrant them the right to collect data from the premises as part of the discovery process. In this respect, they are still a private entity, but they have the backing of the court and generally a US marshal with them. Oh and they will be in possession of a court order at the same time.

First, they should have no authority to audit for any but their member companies [wikipedia.org] (which are not that many).

Second, I would challenge any search they did. Make them get a warrant signed by an actual judge. Then complain about the Probable Cause all the way! They are NOT a Police Force. That's why they need a Federal Marshal along.

Third, I would challenge that they are not the Real Party In Interest [wikipedia.org]. They lost nothing. If the actual company wants to sue you, fine; but the BSA is NOT properly a "Party". Th

Not really. That's why the GP pointed out that this is a civil, rather than a criminal matter. In criminal cases we have the principle of "innocent until proven guilty," but that's not true in civil cases. For civil cases, the judgment is supposed to go to the party that offers the preponderance of evidence in favor of their argument. If the BSA comes in and says it has an affidavit from a former employee that says he was eyewitness to license violations, and you come in with "no, we're fine"... well, that might not cut it. You'll want to provide some evidence in your favor.

Do you have a receipt for every copy of Photoshop or Office your company is using? Do you have the original media with the label showing the serial number? No? Well how did you get those serial numbers, then?

If it gets to the point that you're going to trial and you allow the BSA to determine the terms and nature of the audit, you will probably lose. What company doesn't have a few license violations here and there? Whether the violations are intentional or not, if you come before a judge and swear you are in absolute compliance and you have no reason to deal with the BSA, and the BSA shows proof of license violations, it will look bad for you.

Of course. Example: I used to run IT at a graphic design firm, where the designers were always hungry for more memory and faster CPUs. Each time they got a new Mac, I'd set it up with all their software and maybe swap it out while they were on lunch. As soon as I did that, I was in violation -- two Macs had copies of the same software with the same serial on them! Technicality? The vendor would probably give you a break for it? Sure. But what does "give you a break" mean if it's already heading for court?

Thinking about graphic design firms again, just suppose you were completely on top of it and had all your licenses for Photoshop, Illustrator, etc. in order. (We were actually pretty good about this.) What about fonts? Every font is a copyrighted piece of software. Is every computer in your shop with a copy of a font on it licensed for that font? Are you sure? Suppose one of your partners, clients, or a contractor e-mailed one of your designers some files and included the fonts in a Zip: violation. In fact, I'd wager if you don't have a site license from Adobe then you're almost certainly in violation -- and sometimes even then.

What about servers? Is your server software licensed based on the number of clients? Does it have a hard control over how many clients can connect to it? If it doesn't, are you sure you're in full compliance? Have you hired anyone lately?

There are countless examples, and most of them happen without actual malice. Unfortunately, nobody has to prove malice.

Failing to have receipts is not a requirement of any EULA that I've ever seen making it not even a civil matter. If they can't prove in court that the licenses aren't legitimate to the preponderance standard then they don't have anything.

This is about proving that you have purchased the license to run the software that the EULA applies to from a vendor who was licensed to sell it.

And the BSA already has someone saying that you have not.

If you have not purchased that license, then whether you are compliant with the EULA is immaterial. It is "pirated".If you cannot demonstrate that you have purchased that license, when someone else is willing to claim that you have not, then you will probably lose in court.

9. If you survive this, carefully investigate the potential to move your entire company to free, as in speech, software. If the only licenses you have to comply with are GPL, BSD, etc, the BSA won't have anything to audit.

Don't think you are exactly a troll or fool, just really ignorant and your kung-fu is really weak That said, what sort of idjit sends out a resume in Word these days? Half the time a Word doc won't render correctly on another copy of the same version.release of Word itself. On the other hand if it looks good in your copy of Adobe Reader it will almost certainly look the same in their copy of Adobe Reader or when printed on their printer. So that takes care of your concerns about brochures and your resume.

That leaves the possible problem of colaborating with someone who only uses Office AND creates such complex documents that translating between another product causes issues. In the real world there aren't many of those. Lets face it, 90% of users use almost no features in Word or OO.o. And of the 10% of power users you can probably work out an interop plan, since such people have learned, at a minimum, to deal with differing versions of Word since the PC and Mac versions don't release at the same time and that 10% is almost always an early adopter.

> manually typing in CSS and HTML does not show me what it looks like.

It does if you keep one or more browsers open on the document under construction. You will see EXACTLY what it will look like and even be able to see it in as many browsers as you need to support. And by running a local webserver and pointing the browsers at that you even see PHP, perl, whatever you are scripting your pages with. Just a question of whether you are a true webmaster or just another shlub using a GUI crutch. Hint: real Masters of HTML are worth a lot more. Break free of the cruches, kick your skills up to the next level and increase your worth.

> The Gimp creates visual distortions as the algorithms are not well done like Photoshop's.

Whatever. I certainly haven't seen anything like that. If you are airbrushing a supermodel's cleavage for the cover of Vogue you might actually need PhotoShop. If you are creating art for web pages you just need to invest some time in retraining in GIMP, Inkscape, Scribus and OO.o.

> Audicity is a joke for those who do professional audio editing, etc.

You do know Audacity is a great tool for it's intended audience, the podcaster and occasional audio editing user, right? It is apparently even popular on Windows. It makes no pretense of being the core of a digital audio workstation. There are of course other programs which do make those claims. There are even companies who sell laptops preloaded with Linux and a lot of audio creation software installed and integrated and sold as a digital audio workstation. I don't do that sort of work so can't tell you if it is on par with popular mainstream PC/Mac workstations. Hint: if it uses PulseAudio it ain't pro; if it isn't using JACK it ain't worth jack.

In the end, and to get back on topic, you have to run the calculus of whether the costs of closed software, which include the risk of being driven out of business by the BSA and the (perhaps zero for you) cost in loss of Freedom (RMS sense) are outweighed by a greater increase in productivity.

Posting near the top to state the bleeding obvious- 99% of Slashdotters are IANALs [wikipedia.org] and many will offer advice that sounds sensible to them, but may turn out to be woefully misguided and possibly have unintended consequences and land you in hot water (e.g. advice like this [slashdot.org]). This is because the legal system does not always actually work like geeks think it does [slashdot.org] (regardless of whether it *should* work that way).

Bottom line- unless the person is a lawyer, or has actual experience of having gone through this (and the consequences that ensued), you should not be taking their advice. And as I said in the post linked above, the problem is sorting out the ones who *actually* know what they're talking about from the armchair lawyers arrogant enough to think that they do.

So true... the legal system doesn't believe in logic... I have experienced this myself. Don't mess with it, as logical as your argument may be... you will lose because of some crap that has no bearing on reality or basic intelligence. Consult with a lawyer, and maybe you can countersue or something to help make up for some of the fees. The bottom line is, the system doesn't work and it isn't fair... don't play with it or mess with it.

Maybe pleading with the BSA would work... it might be cheaper as well, but in the end, you will be screwed out of money for this injustice. Welcome to America.

This is not quite true. The system does have lots of serious problems. But many of the arcane crazy rules you're complaining about serve essentially the same function as security patches: closing a loophole that any jackass can use to totally screw over people who actually try to use the system as intended. The thing with the law is that every part of it it is roughly analogous to the most hostile kind of IT security environment: a public internet facing server. Absolutely anyone who wants to can, will, and often already has messed with it to see what they can pull.

Remember the 54 Million Dollar Pants [wikipedia.org] lawsuit? The "logic" behind that absurd amount: He claimed the 'Satisaction Guaranteed' sign meant they had to give him literally anything he wanted. Failing to do so was a violation of the Consumer Protection and Procedures Act at $1K per violation. And since the law was nebulous about how a "violation" extends over time, he claimed that each day was a new violation. (There were other tricks involved.) That works out to millions of dollars because the store didn't live up to its "promise" to guarantee satisfaction no matter what.

Similarly, there are all kinds of arcane legal restrictions on when you're allowed to make various types of arguments. If you have even a 100% valid claim... but you don't assert it at the proper time? Too bad, you waived your right to assert it. This seems really unfair at first. But it is designed to prevent a specific type of gamesmanship, that would otherwise be trivially easy: Stalling.

Consider how many different ways there are to express even a very simple idea: the number 4. 4, 2+2, 2*2, the square root of 16, the list continues. To infinity; there are an unlimited number of ways to say "four". Many of which are complicated to parse out and determine that, in fact, it means four.

If you were allowed to revise your assertions into a law case at any time, you could stall any case, at any time, indefinitely by playing the same game, except with words. Each time you revise your filing, the judge and the other side have to review it, which necessarily introduces a delay. By doing this continually, you bury your opponent in paperwork so long as you can pay your lawyers.

This would turn any lawsuit into death by attrition: whoever has more money spends their opponent into the ground with stalling tactics. No one thinks the rules should permit this, and so the law has introduced mechanisms to prevent this sort of gamesmanship.

Which is an interesting point: One of the big criticisms of our legal system is how unbalanced it is, and how being on the less-well-funded side of a lawsuit is a terrible disadvantage. And that's with rules in place designed to thwart it. Imagine how well the system would work without these safeguards.

Most of the seemingly-illogical arcane details of the law are this sort of safeguard. The problem is, people who don't know the law are helpless. They've never heard of these rules, and even if they try to look it up, they won't navigate them as well as someone who knows what they're doing.

This is why you need to talk to a lawyer whenever you have any non-trivial interaction with the legal system. At all. Non-lawyers don't know how the system works, any more than non-programmers can debug a kernel panic.

When a judge tells me "I'm not so concerned with who lied about what" in a consumer fraud case I brought up in small claims court, and then finds for the company that screwed me, and then goes on to take away fines against the company... I have a problem with that... and I have no faith in a system that claims to be impartial or even capable of basic logic. How can a company that claims I had a signed contract with them, and then can't produce it (because they really didn't have one and continued to lie about it IN COURT) get away with winning such a case?! It just doesn't make sense. Yet I lost?

I realize IANAL, but SUPPOSEDLY this is why small claims is supposed to make this process easier for non-lawyers on "small cases". In my case, no lawyer would even take the case because $700 wasn't enough of a fine to get involved with. Obviously, the system does not care about justice, but more about money... and if you don't have enough, you will get screwed, just like I did.

I realize that there are safeguards in the system for bigger issues, as you describe. However, this was a simple case, with clear information... yet they got it wrong because they just didn't listen to me, and clearly refused to hear about the documented lies I was showing them. How can a judge ignore a lying defendant? Particularly in a consumer protection case, where lying is the POINT of the case in the first place?!

And I can't miss this opportunity to point out that THIS is a perfect example -- PERFECT -- of why everyone, liberal or conservative, should support loser-pay legislation. Or better yet, a rock-solid amendment to the US Constitution guaranteeing that "the party prevailing in any dispute, public or private, shall be entitled to reasonable compensation for expenses incurred."

To the original poster: as others here have said, you'd better dig in the sofa for change and scrape up the money to hire a lawyer, then hope for the best. But if the United States ever gets solid "loser pays" legislation, things like this won't be the terrifying things that they are. (Or for that matter, getting that dread "letter" from the RIAA or MPAA.) There are entirely too many stories of people who've finally prevailed in court, but who were bankrupted by the experience. That's just WRONG.

"Loser pays" means only the rich and big corporations would dare file a lawsuit. Joe Public injured by a company's negligence? He won't risk suing for damages since if he were to lose he'd have to pay for the corporation's team of lawyers.

Congratulations, you just cut the little guy out of the legal system, except as a target.

It doesn't work that way elsewhere. One of the strongest arguments for loser pay is the fact that most nations have it. The United States is somewhat unique in that respect. Did you know that?

Apparently, a whole bunch of other nations don't feel that it "cuts out the little guy." They think it's basic fairness.

It means that you can go into a lawyer's office with some hope that he/she will take your case, IF you have a good case, even if you don't have the money. It helps people like the OP here against the BSA, it helps grandma sue the landlord when he won't fix the air conditioner, it helps the guy who gets that stupid letter from the RIAA.

Don't take my word for it. Look into it. The ONLY people who are opposed to it the USA are those with a vested interest in keeping the system the way it is. This includes lazy lawyers who, just like the BSA, send a letter knowing that the recipient will probably try to haggle and settle, rather than go through the expense of a court trial, precisely BECAUSE that "little guy" doesn't have the time or resources to fight the suit.

A far more common scenario is the the Big Guy will take on the Little Guy. Little Guy scrapes together the money to fight the case for a while, but all Big Guy has to do is wait him out. Eventually, Little Guy runs out of money and has to take the best settlement he can afford.

If you don't realize that this happens every day, everywhere in the United States, and that "little guys" are in fact getting TRAMPLED in the current system, well... again, you need to actually look into it, instead of just reflexively opposing it because of some ideological predisposition.

"Loser pays for frivolous suit" and "loser pays, period" are two very different propositions. Don't forget that most European countries have laws based on French law of the Napoleonic era and (ultimately) Roman law. Law in the English-speaking countries is based on common law, and in the US is further modified by the fact that any common-law decisions made after 1776 have no formal weight in our courts.

Let me give you two true examples. Tell me whether loser pay would have helped in these cases.

1 - my wife and I rent a an older property. Nice location, decent house, but the carpet is old, the walls need work and there are other problems. When we move out, the landlord takes us to small claims court for the damage, KNOWING that we didn't actually do it. In a word: he's a crook. He let drop to a friend of mine that he was going to get us to spruce up his house for him. (Said friend was then so ticked off he

Apparently, a whole bunch of other nations don't feel that it "cuts out the little guy." They think it's basic fairness.

Well, they're wrong. Unless there is some limit on the amount of dilatory motions, and little-to-no Summary Judgment abilities, then the British Rule simply sucks. Unless you are the one with the infinite resources.

It's a wonderful idea in theory; but does it actually work in practice. Show me how it IS better; don't just opine that it SHOULD be better.

There are many ways of calculating prevailing-party attorney fees. Most courts recognize that actual costs may be disproportionate and inequitable. Thus, many jurisdictions rely on other calculations. Many courts or laws invoke a lodestar' calculation: reasonably expected billable hours multiplied by a reasonable hourly rate, sometimes multiplied by a factor reflecting the risk or complexity of the case.

A common fear about loser-pays is that the side who loses a routine dispute will get handed a bill for 10,000 hours from Cravath, Swaine & Moore. But European courts are well aware of the danger that successful litigants will overinvest in their cases and gold-plate their fee requests. They carefully control the process to prevent that danger, giving the losing side a full chance to dispute a fee award, requiring that work be reasonable and necessary, providing that elite lawyer rates not be paid if a Main Street lawyer could have done the job, and so forth.

Although fee awards are usually set high enough to apply serious incentive pressure, it is notable that no country appears to let winners recoup all the money they have spent on a suit. Some leave a portion of lawyers' hours unreimbursed, while others apply hourly rates that fall below prevailing levels. Some shift expert witness fees, but others do not.

Do you honestly think they will give a s**t about that? The BSA is a criminal bully in the traditional style that dates back to the dark ages (google "Danegeld"). If you are guilty and can pay, they will get money, If you are innocent but go bust, you will be an encouragement to future victims.
If you shut down now, they will still go for you.

No, this isn't legally gray. You're describing an attempt to shield assets in a way that is completely illegal ("fraudulent transfer" is the legal term). You can't possibly imagine that this would work for more than a week, can you?

Get legal help, now. The BSA will need to demonstrate that there is a real question about whether your software is "illegal" or not. If you have reasonable records, a judge can (can't promise that, though) grant a motion for summary judgment in your favor, dismissing the lawsuit.

Make it go to trial, and seek punitive damages if you can either from the former employee or the BSA for filing a frivolous lawsuit.

While you would think that being reasonable and cordial is the right thing to do, you've given the BSA a letter they can use against you. If they find even one copy of software which you can't find the receipt, they'll use the letter. Get a lawyer first which will advise you of what to do. Remember, the BSA has started out with a threat not a cordial letter themselves. From that stance I would surmise that even if they are wrong, they don't care.

NO! NEVER SAY ANYTHING YOU HAVEN'T RUN THROUGH YOUR OWN ATTORNEY TO AN ATTORNEY ON THE OTHER SIDE. There are so many problems with it. Anything you say can be twisted by them. At a minimum, the "Thank you for bringing this matter to our attention so we can put it to rest," could be construed as an admission that you thought you may have had piracy. Thereby negating any counterclaim and potentially surviving different motions to get rid of it earlier.

No, do not do this. Do not have any contact with them that's not through a lawyer. This is very important if it should ever go to court. And yes, BSA hates going to court. That's exactly why you should do it this way. Document the hell out of everything.

Have a lawyer draft a letter saying you're in compliance, have them send it, registered mail, to the BSA. This should not coast more than $150 or so.

There is a 90% chance that the BSA will back off when you do this. They will see you aren't a pushover. If they ever show up at your door without a subpoena, ask them to leave. Then call the cops.

Better:Dear BSA Attorney,Thank you for your note of the 29th. We've reviewed software use at OurCompany and we have found no unlicensed nor unlawfully copied software.

We ask you:Who has made these allegations against us? What precisely was alleged? Was there any ostensible evidence proffered to support these allegations?

We hope that our review has put these unfounded allegations to rest, and look forward to your reply,

You

If they want an audit, the reply to the request should note that you have privileged and proprietary information on your machines, that supervising the audit to ensure the security of this information and compensating for interference with and interruption of the operation of your computer systems will result in damages to your business, and while you are neither agreeing to nor refusing a software audit at this time, in discharging your obligations to your shareholders [and/or partners, investors, employees, etc. as appropriate] you would need non-disclosure agreements protecting your proprietary and privileged information, scrutiny of the backgrounds and prior approval of any proposed auditors, an agreement as to the limited scope, methods and purposes of the audit, a prior agreement as to the standards and consequences of such an audit, advance compensation for legal and other fees associated with the negotiation of their proposal and its implementation, and arrangements for specified compensation for any potential harm that might occur to your business, with acceptable performance bonds posted to ensure prompt compensation for any such harm. Further, you should request the full text and specifically applicable sections of any alleged potential contractual agreements which they believe may grant them any rights or impose any obligations to them by your company, with a notification of estoppel for any contractual claims of which they have not notified you, and reserving the right to dispute under estoppel, fraud or other theories any putative contractual claims made by them founded on the basis of alleged contracts to which both your company and the BSA are not both parties, putative contracts which were not signed, putative contracts which were not witnessed, putative contracts which were not sealed, putative contracts without demonstration of valid consideration, putative contracts in violation of law or public policy, including but not limited to: fraud, unconscionable, immoral, or impossible terms, coercive or misrepresented terms, those violating laws against barratry, maintenance, champerty, tortuous interference, frivolous and vexatious claims and litigation, and strategic lawsuits against public participation as well as any sections of such contracts violating , attempting to violate, or purporting to create a right to violate any of those laws or policies, or abridging, modifying, infringing or attempting or purporting to create a right to abridge, modify, or infringe any contractual rights assumed by law, including but not limited to peaceable enjoyment, warranties, implied terms, fair dealing and any other rights, privileges or legal theories which may be applicable to the case.

(Always use "alleged" or "putative" in connection with any "contract" which you might not want to follow slavishly - do not admit to the validity of any contracts with the BSA!)

Ask that they state which software package is being used without proper licensing and on which machines so that you may properly investigate it yourself.

If the police come to your door and say, "I know you are breaking the law because of an unnamed snitch, please allow me to look around to see what I can find to use against you...and by the way, I get a commission from convictions." Would you allow them in?

To go beyond this, watch this video [youtube.com]. It is best not to say anything under any circumstances to any figure of authority whose job it is place blame. They are human, and, like us, simply want to complete a task as quickly as possible and generate the maximum income. If you go in saying that you are not committing an offense, you immediately give them a offense on which to convict you.

The problem with the BSA and the RIAA and the MPAA is it is highly lucrative for them to harass people and firms because

I'd pursue some form of extralegal remediation against that disgruntled former employee. And then follow it up with the same against the BSA lawyers. If the legal system doesn't protect the little guy, then nobody should be surprised when the little guy takes care of business without it.

I'm sure threatening to have the BSA's arms ripped out of their sockets because they're winning will go over great when they take you to court, Chewie.

... To deal with the BSA: it's the way of the knife. Alternatively, get a picture of their kids playing, superimpose a targeting reticle on their heads and anonymously e-mail them their personnel. Works like charm.